toolkit/components/passwordmgr/InsecurePasswordUtils.jsm@129ffea94266
toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 this.EXPORTED_SYMBOLS = [ "InsecurePasswordUtils" ];
7 const Ci = Components.interfaces;
8 const Cu = Components.utils;
9 const Cc = Components.classes;
11 Cu.import("resource://gre/modules/Services.jsm");
12 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
14 XPCOMUtils.defineLazyModuleGetter(this, "devtools",
15 "resource://gre/modules/devtools/Loader.jsm");
17 Object.defineProperty(this, "WebConsoleUtils", {
18 get: function() {
19 return devtools.require("devtools/toolkit/webconsole/utils").Utils;
20 },
21 configurable: true,
22 enumerable: true
23 });
25 const STRINGS_URI = "chrome://global/locale/security/security.properties";
26 let l10n = new WebConsoleUtils.l10n(STRINGS_URI);
28 this.InsecurePasswordUtils = {
30 _sendWebConsoleMessage : function (messageTag, domDoc) {
31 /*
32 * All web console messages are warnings for now so I decided to set the
33 * flag here and save a bit of the flag creation in the callers.
34 * It's easy to expose this later if needed
35 */
37 let windowId = WebConsoleUtils.getInnerWindowId(domDoc.defaultView);
38 let category = "Insecure Password Field";
39 let flag = Ci.nsIScriptError.warningFlag;
40 let message = l10n.getStr(messageTag);
41 let consoleMsg = Cc["@mozilla.org/scripterror;1"]
42 .createInstance(Ci.nsIScriptError);
44 consoleMsg.initWithWindowID(
45 message, "", 0, 0, 0, flag, category, windowId);
47 Services.console.logMessage(consoleMsg);
48 },
50 /*
51 * Checks whether the passed uri is secure
52 * Check Protocol Flags to determine if scheme is secure:
53 * URI_DOES_NOT_RETURN_DATA - e.g.
54 * "mailto"
55 * URI_IS_LOCAL_RESOURCE - e.g.
56 * "data",
57 * "resource",
58 * "moz-icon"
59 * URI_INHERITS_SECURITY_CONTEXT - e.g.
60 * "javascript"
61 * URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT - e.g.
62 * "https",
63 * "moz-safe-about"
64 *
65 * The use of this logic comes directly from nsMixedContentBlocker.cpp
66 * At the time it was decided to include these protocols since a secure
67 * uri for mixed content blocker means that the resource can't be
68 * easily tampered with because 1) it is sent over an encrypted channel or
69 * 2) it is a local resource that never hits the network
70 * or 3) it is a request sent without any response that could alter
71 * the behavior of the page. It was decided to include the same logic
72 * here both to be consistent with MCB and to make sure we cover all
73 * "safe" protocols. Eventually, the code here and the code in MCB
74 * will be moved to a common location that will be referenced from
75 * both places. Look at
76 * https://bugzilla.mozilla.org/show_bug.cgi?id=899099 for more info.
77 */
78 _checkIfURIisSecure : function(uri) {
79 let isSafe = false;
80 let netutil = Cc["@mozilla.org/network/util;1"].getService(Ci.nsINetUtil);
81 let ph = Ci.nsIProtocolHandler;
83 if (netutil.URIChainHasFlags(uri, ph.URI_IS_LOCAL_RESOURCE) ||
84 netutil.URIChainHasFlags(uri, ph.URI_DOES_NOT_RETURN_DATA) ||
85 netutil.URIChainHasFlags(uri, ph.URI_INHERITS_SECURITY_CONTEXT) ||
86 netutil.URIChainHasFlags(uri, ph.URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT)) {
88 isSafe = true;
89 }
91 return isSafe;
92 },
94 /*
95 * Checks whether the passed nested document is insecure
96 * or is inside an insecure parent document.
97 *
98 * We check the chain of frame ancestors all the way until the top document
99 * because MITM attackers could replace https:// iframes if they are nested inside
100 * http:// documents with their own content, thus creating a security risk
101 * and potentially stealing user data. Under such scenario, a user might not
102 * get a Mixed Content Blocker message, if the main document is served over HTTP
103 * and framing an HTTPS page as it would under the reverse scenario (http
104 * inside https).
105 */
106 _checkForInsecureNestedDocuments : function(domDoc) {
107 let uri = domDoc.documentURIObject;
108 if (domDoc.defaultView == domDoc.defaultView.parent) {
109 // We are at the top, nothing to check here
110 return false;
111 }
112 if (!this._checkIfURIisSecure(uri)) {
113 // We are insecure
114 return true;
115 }
116 // I am secure, but check my parent
117 return this._checkForInsecureNestedDocuments(domDoc.defaultView.parent.document);
118 },
121 /*
122 * Checks if there are insecure password fields present on the form's document
123 * i.e. passwords inside forms with http action, inside iframes with http src,
124 * or on insecure web pages. If insecure password fields are present,
125 * a log message is sent to the web console to warn developers.
126 */
127 checkForInsecurePasswords : function (aForm) {
128 var domDoc = aForm.ownerDocument;
129 let pageURI = domDoc.defaultView.top.document.documentURIObject;
130 let isSafePage = this._checkIfURIisSecure(pageURI);
132 if (!isSafePage) {
133 this._sendWebConsoleMessage("InsecurePasswordsPresentOnPage", domDoc);
134 }
136 // Check if we are on an iframe with insecure src, or inside another
137 // insecure iframe or document.
138 if (this._checkForInsecureNestedDocuments(domDoc)) {
139 this._sendWebConsoleMessage("InsecurePasswordsPresentOnIframe", domDoc);
140 }
142 if (aForm.action.match(/^http:\/\//)) {
143 this._sendWebConsoleMessage("InsecureFormActionPasswordsPresent", domDoc);
144 }
145 },
146 };
